Make your own free website on Tripod.com
 
Protecting
Look at this comparison
 
Statically Detecting Likely Buffer Overflow Vulnerabilities
David Larochelle, David Evans.
USENIX Security Symposium, August 2001
English.HTML English.PDF
¨This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in  semantic comments and uses lightweight and efficient static analyses.¨
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Crispin Cowan, Perry Wagle, Calton Pu,Steve Beattie,Jonathan Walpole
http://www.cse.ogi.edu/DISC/projects/immunix/  , 1999
PDF
.
ProPolice: Protecting from stack-smashing attacks
Hiroaki Etoh and Kunikazu Yoda
IBM Research Division, Tokyo Research Laboratory, June 19, 2000
-
It is a GCC  extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities 
D. Wagner, J. Foster, E. Brewer, and A. Aiken (UC Berkeley) 
http://www.cs.berkeley.edu/~aiken/publications/papers/netsec00.ps 
PostScript
Automatic Detection and Prevention of Buffer-Overflow Attacks 
Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry

Wagle, and Qian Zhang 
7th USENIX Security Symposium, San Antonio,TX, January 1998
PDF
 
Protecting Systems from Stack Smashing Attacks with StackGuard
Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen 
Linux Expo, Raleigh, NC, May 1999
PDFPostScript(gz)
 
Libsafe: Protecting Critical Elements of Stacks
Arash Baratloo, Timothy Tsai and Navjot Singh
Bell Labs, Lucent Technologies, December 1999
PDF
.

 
Make your software behave: Learning the basics of buffer overflows
Gary McGraw and John Viega [RST]
IBM, March  2000 
PDF
Make your software behave: 
Brass tacks and smash attacks  An analysis of how a buffer overflow attack works
Gary McGraw and John Viega [RST]
IBM, March  2000 
URL (wrong pdf file)  HTML
-
Make your software behave: 
Preventing buffer overflows Protect your code through defensive programming
Gary McGraw and John Viega [RST]
IBM, March  2000 
PDF HTML
-

Bypassing.
Defeating Solar Designer's Non-executable Stack Patch
Rafal Wojtczuk
January 1998 
HTML
Defeating Solaris/Sparc Non Executable Stack Protection
John McDonald
March 1999
HTML
Bypassing Stackguard and Stackshield. 
Bulba and Kil3r
Phrack Magazine 56(5),May 2000 
EnglishEspañol
StackGuard Mechanism: Emsi's Vulnerability
Mariusz Woloszyn
HTML
.